Skip to main content
All CollectionsHR & Admin GuideManaging users
Assign roles and admin permissions
Assign roles and admin permissions

Manage user access to specific features and configuration in Yokoy.

Yokoy Team avatar
Written by Yokoy Team
Updated this week

🌐 Web | 👤 Yokoy admin with Finance/HR permissions

In Yokoy, roles and permissions are used to manage access to the tool and determine what tasks users can perform in the tool on a day-to-day basis, whether it is perform spend control or maintenance in the application.

Yokoy combines role-based and policy-based access to determine user access:

  • role-based access: submitter, finance user, card admin, etc.

  • policy-based access: line manager, cost object owner, assistant, delegate, admin, technical user, etc.

A role is a set of predefined rights related to specific tasks or responsibilities. Roles group users according to their job functions, streamlining access control. They determine the type of access given to users to perform day-to-day activities as users of the application and determine the actions they can perform. In other words, whether a user can create, review, configure, etc.

With policy-based access via attributes, users are granted access to additional features or are able to perform additional tasks depending on a specific right or permission.

This access is determined by a specific configuration in Yokoy. It complements the roles assigned to the user. This type of access control is used for:

Roles and permissions are generally granted at legal entity level. Users can only access the information for the company to which they belong and in which they have been granted a role or permission. For example, your organization has two companies, Company A and Company B. You assign a finance role to Alex Perez for Company A. This means that Alex Perez can only access finance options for that company and cannot access finance data for Company B.

In exceptional cases, Yokoy can be configured to all users to allow cross-organizational roles (i.e. acts as a finance user for both Company A and Company B, but belongs to Company A). This is usually determined during implementation according to the organization‘s requirements.

By default, all users created in Yokoy are granted the Submitter role. Users can be assigned one or more additional roles and permissions as appropriate. Roles and permissions are assigned in Admin > Finance/HR roles. Users must exist in Yokoy before they can be assigned additional roles and/or permissions.

During the setup of the organization, Yokoy grants at least one user the Admin role with the Finance/HR roles permission. This Yokoy Admin is then responsible for assigning additional roles and/or permission to other users as required.

Roles in Yokoy

Yokoy uses these roles:

Role

Who uses this role?

Submitter

Employees who have business spend and need to claim the cost. This is a default role assigned to all users that are created in Yokoy.
See About the Submitter role

Finance

Team that is responsible for reviewing spend before payment, guaranteeing all the information flowing to the finance & accounting system is complete. For example, data is compliant, VAT, dates, taxable amounts, etc.

This role has permissions to reject and update values.

See About the Finance role

Human resources (HR)

Team that maintains the Yokoy user list, and all employee information in Yokoy: name, email, ERP, etc.

Audit

Team that reviews spend after payment, guaranteeing all the information flowing to the finance & accounting system is complete: compliant, VAT, dates, taxable amounts, etc.

This role does not have permissions to reject and update values.

Admin

System administrator who is responsible for managing Yokoy configuration.

This is a power user with limited rights. Permissions are allocated individually, rather than assigning a full set of permissions. See Configuration permissions.

Travel admin

Team that reviews travel itineraries and configures the integration with the third-party travel provider.

Card admin

Team that manages card assignments, configures card integrations. This role is only accessible if your organization uses Yokoy Platinum Visa cards (Yokoy Platinum card admin) or UBS cards (UBS card admin).

Invoice processor

Team that manages invoices, purchase orders, and goods receipts, and reviews supplier master data. This feature is only accessible if your organization uses Yokoy Invoice.

Developer

Team that is responsible for integrating Yokoy with external systems (i.e. using the Yokoy API, setting up SFTP connection, etc.). This user has permissions to operate on an organization level. This role is only assigned if your organization plans to use the Yokoy API or a file-based exchange via SFTP.

Approval permissions

These attributes grant users access to the Manager menu and depend on the approval strategy configured in Admin > Company settings for expenses or Admin > Invoice settings for invoices.

Attribute

Where configured

Access granted

Description

Line manager

  1. Enable as manager: HR > User management, Manager checkbox

  2. Determine reports: HR > User management,
    Line manager field

  1. When enabled as a manager, grants access to the Manager menu.

  2. Determines approval flow for line manager approval

Used by line manager approval strategy:

  • Approve expenses submitted by subordinates

  • View historical and current expenses

  • Set auto-approval threshold

  • Delegate approval

Cost object approver

  • Admin > Cost objects

Manager menu

Used by cost object approval strategy:

  • Approve expenses submitted to cost center

  • View historical and current expenses

  • Set auto-approval threshold

  • Delegate approval

Assistant

  • My profile > My assistant

  • HR > User management

Submitter > Assistant (expenses only)
Submitter (invoices)

Used by employees who want to create and submit expenses and invoices on behalf of other employees. They cannot approve on the behalf of other employees.

Delegate

  • HR > User management, My delegate

  • Manager > Cost objects

  • Admin > Cost objects

  • My profile (see Delegate)

Manager menu
(for the person assigned as delegate)

Used by employees who want to allow other employees to approve and review spend on their behalf. They cannot submit on behalf of another user.

Line manager approval:

  • Approve expenses from line manager’s subordinates according to line manager’s threshold

Cost object approval:

  • Approve expenses for the cost center

Configuration permissions

Users who are granted any of these permissions automatically assume an Admin role in Finance/HR roles. However, they can only see the screen that they have been granted access to and cannot perform any other action than that specified. For example if they were granted the cost object permission, they can only create/edit/delete cost objects; they can’t perform any other task.

These permissions are granted in the Setup field for the role.

Setup permission

Access granted

Description

Finance/HR roles

Admin > Finance/HR roles

Manage role-based access for other users.

Company settings

Admin > Company

Manage company settings, such as general settings (name, country, company currency, etc.), approval & finance review, expense report definition (what kind of expense and invoice reports are activated), compliance, etc.

Cost objects

Admin > Cost objects

Manage cost objects (name, cost object code, hierarchy, cost object approver, cost object delegate, auto-approval threshold, etc.)

Category setup / Categories (Supplier invoices)

Admin > Categories (Expenses)

Admin > Categories (Invoices)

Manage expense and invoice categories

Management of tags

Admin > Company, Enable tags

Admin > Tags

Manage tags for the legal entity.

Integrations

Admin > Integrations

Manage Yokoy and third-party integrations for exporting expenses and invoices, e-invoicing, and travel providers.

Company cards

Admin > Company cards

Manage company card list (name, ERP code, card, owner, card currency, etc.).

This is a list of the cards available in Yokoy. It does not issue cards to a user or manage the card’s settings.

Transaction settings

Admin > Transaction settings

Manage rules that determine expense <> transaction matching and tolerances.

Expense rules

Admin > Expense rules

Manage expense rules that create warnings.

Mileage rates

Admin > Mileage rates

Manage mileage rates.

Per diem

Admin > Per diems

Manage per diems.

Policy setup

Admin > Policies

Manage policy groups to which categories, expense rules, mileage rates, per diems, and tag dimensions can be mapped to.

VAT / Tax rate setup

Admin > VAT / Tax rates

Manage tax rates.

Import log

Admin > Import log

View imported data files that have been imported manually or automatically.

Specific feature roles and permissions

Depending on the Yokoy package that your organization may have, you can grant additional roles and permissions to perform configuration of the feature.

Yokoy Invoice

Apart from assigning a user as an invoice processor, users can be granted permission to manage invoice settings.

Setup permission

Access granted

Description

Suppliers

Invoice processor > Suppliers

Access to Yokoy Invoice settings for suppliers.

Invoice settings

Admin > Invoice settings

Access to Yokoy Invoice general settings.

Payment terms

Admin > Invoice payment terms

Access to set up payment terms that can be used with suppliers.

Invoice business rules

Admin > Invoice business rules

Access to configure formal checks and keyword detection rules.

🚧 Warning

If you provide the admin role to access invoice configuration without the Invoice processor role, users cannot access the supplier settings.

Workflow Designer

If you plan to set up a custom workflow for your company, you can grant users an additional permission to use the Workflow Designer to build your workflow.

Setup permission

Access granted

Description

Workflow designer

Admin > Workflow designer

Access to the Workflow Designer.

Granting a role and permissions

To manage the roles of one or multiple users, go to the Admin > Finance / HR roles and choose the applicable company for which you want to configure a specific role and/or permissions.

To adjust a user’s role in Yokoy, click + Add new role if they are not already displayed in the table. If they are displayed in the table, click on their name.

A new window pops up where you can either select an employee from the Employee dropdown list or view the employee’s name if you are adjusting the permissions for an existing user.

To assign a role, select the corresponding checkbox. If you want to grant additional permissions, click the Setup dropdown list and select the corresponding permissions. You can select as many as required.

Once you're done, click Save.

Importing multiple roles and permissions

You can define roles for multiple users simultaneously by clicking Import file. In the dialog window, select the company for which you want to grant the user access. You can download an example CSV file to help you determine the format.

Each user is specified on a separate row. The first row of the CSV corresponds to the column headers that are used within the file. You can omit columns as required; however, you must include the column headers for the values included.

Use commas as column separators. All values except the id should be specified within quotation marks ("). For example, to grant a user with the email address academy@yokoy.ai the role of finance user and access to company settings, the row should look like this:

id, "hr", "finance", "setup"
academy@yokoy.ai, "false", "true", "["legalEntities"]"

Column

Description

id

Email address of the user for which you want to configure the role. The user must already exist in Yokoy.

hr

Enter TRUE if you want grant the user the HR role.

finance

Enter TRUE if you want grant the user the finance role.

setup

Define the configuration permissions you want to grant the user by inserting one or multiple values, i.e. "["legalEntities", "taxRates"]":

  • Company settings: legalEntities

  • Integrations: erpSetup

  • Tax rates: taxRates

  • Company cards: companyCreditCards

  • Expense categories: categories

  • Tags: tags

  • Transactions: adminTransaction

  • Mileage rates: mileageRates

  • Per diems: perDiemRates

  • Expense rules: expenseRules

  • Employee policies: policies

  • Import logs: importLogs

  • Finance/HR roles: operationsRoles

  • Cost objects: costCenters

  • Payment terms: paymentTerms

  • Suppliers: suppliers

  • Invoice categories: supplierInvoiceCategories

  • Invoice settings: invoiceSettings

  • Workflow Designer: workflowSettings

  • Invoice business rules: invoiceBusinessRules

audit

Enter TRUE if you want grant the user the audit role.

travelAdmin

Enter TRUE if you want grant the user the travel admin role.

yokoyCardsAdmin

Deprecated. Ignore this column.

marqetaCardsAdmin

Enter TRUE if you want grant the user the card admin role for Yokoy Platinum Visa cards.

ubsCardsAdmin

Enter TRUE if you want grant the user the card admin role for UBS cards.

hrTimeSheet

Deprecated. Ignore this column.

Once you entered all required data in the CSV file, click Choose file to upload your CSV file or use the drag-and-drop function to drag the file directly into the field.

To finish this process, click Start import. Once processed, you see a confirmation screen that indicates the number of users that were updated. If there were any errors in the import process, you can download a log file to troubleshoot any issues.

Did this answer your question?